Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 6.2-OD-6, 6.1.6
Affects Version/s: 6.1.2
Component/s: Issue - Attachments
Labels:

Introduced in Version:
6.01
CVSS Score:
6.5

Hi,

I found a persistent XSS vulnerability when attaching a file to an issue.
The steps to reproduce are the following :

Attach a file to an issue. Its name must contain "<script>alert('XSS')</script>". I used a python script to do that.

Browse to the issue and open the ALL tab under activity. A popup should appear.

See the attachment for the result.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

XSS.png
05/Dec/2013 3:04 PM
31 kB
Yohan Joubert

Testing discovered

JRASERVER-36204 Attachment data-download-url field in href shows ${attachment.mimetype} if unknown mimetype

Closed

mentioned in: Page Loading...

Assignee:: Roman Tekhov (Inactive)
Reporter:: Yohan Joubert
Votes:: 0 Vote for this issue
Watchers:: 6 Start watching this issue

Created:: 05/Dec/2013 3:04 PM
Updated:: 21/May/2020 11:38 AM
Resolved:: 14/Jan/2014 4:25 AM